CVE-2025-68438
In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include user-registered mask_secret() patterns, so secrets were not reliably masked before truncation and display.
Users are recommended to upgrade to 3.1.6 or later, which fixes this issue
Users are recommended to upgrade to 3.1.6 or later, which fixes this issue
Vendor
Product
CWE
Yayın Tarihi
2026-01-16 11:16:03
Güncelleme
2026-01-21 13:44:43
Source Identifier
security@apache.org
KEV Date Added
-